Re: email from comcast.net is bouncing

  • Grant
    Message 1 of 23 , Aug 30 1:44 AM
      >> > Aug 26 21:21:35 [postfix/tlsproxy] CONNECT from
      >> > [209.85.219.51]:41193
      >> > Aug 26 21:21:36 [postfix/postscreen] NOQUEUE: reject: RCPT from
      >> > [209.85.219.51]:41193: 450 4.3.2 Service currently unavailable;
      >> > from=<MASKED@...>, to=<MASKED@...>, proto=ESMTP,
      >> > helo=<mail-oa0-f51.google.com>
      >> > Aug 26 21:21:36 [postfix/tlsproxy] DISCONNECT [209.85.219.51]:41193
      >> >
      >> > The IP is whitelisted:
      >> >
      >> > http://dnswl.org/s?s=209.85.219.51
      >>
      >> Check again. Is the logging complete? Where are the dnsblog(8) log
      >> entries? If this is in fact all the logging you got from this
      >> connection, you're not getting your list.dnswl.org lookup.
      >
      > Good point. dnsblog will be silent ONLY when list.dnswl.org replies
      > that the IP address is not listed (and perhaps when you send more
      > queries than your dnswl.org subscription allows).
      >
      > Also the logging above is incomplete. You left out the CONNECT
      > logging from postscreen (and perhaps more).
      >
      > For the complete postscreen/tlsproxy log:
      >
      > grep '\[209.85.219.51\]:41193' the-maillog-file

      # grep '\[209.85.219.51\]:41193' -R /var/log/mail
      Aug 26 21:21:29 [postfix/postscreen] CONNECT from
      [209.85.219.51]:41193 to [MASKED]:25
      Aug 26 21:21:35 [postfix/tlsproxy] CONNECT from [209.85.219.51]:41193
      Aug 26 21:21:36 [postfix/postscreen] NOQUEUE: reject: RCPT from
      [209.85.219.51]:41193: 450 4.3.2 Service currently unavailable;
      from=<MASKED@...>, to=<MASKED@...>, proto=ESMTP,
      helo=<mail-oa0-f51.google.com>
      Aug 26 21:21:36 [postfix/tlsproxy] DISCONNECT [209.85.219.51]:41193
      Aug 26 21:21:36 [postfix/postscreen] HANGUP after 0.1 from
      [209.85.219.51]:41193 in tests after SMTP handshake
      Aug 26 21:21:36 [postfix/postscreen] PASS NEW [209.85.219.51]:41193
      Aug 26 21:21:36 [postfix/postscreen] DISCONNECT [209.85.219.51]:41193

      > for the dnsblog log
      >
      > grep 'Aug 26 21:21.*dnsblog.*209.85.219.51'

      # grep '.*dnsblog.*209.85.219.51' -R /var/log/mail
      #

      I grep'ed the mail logs for dnsblog and got a huge number of these:

      [postfix/postscreen] warning: psc_dnsbl_request: connect to
      private/dnsblog service: No such file or directory

      - Grant
    • Noel Jones
      Message 2 of 23 , Aug 30 4:04 AM
        On 8/30/2013 3:44 AM, Grant wrote:
        >
        > I grep'ed the mail logs for dnsblog and got a huge number of these:
        >
        > [postfix/postscreen] warning: psc_dnsbl_request: connect to
        > private/dnsblog service: No such file or directory

        Looks as if you've found the problem.

        Make sure your master.cf has an entry like:

        dnsblog unix - - n - 0 dnsblog




        -- Noel Jones
      • Wietse Venema
        Message 3 of 23 , Aug 30 4:08 AM
          Grant:
          > >> Aug 26 21:21:35 [postfix/tlsproxy] CONNECT from [209.85.219.51]:41193
          > >> Aug 26 21:21:36 [postfix/postscreen] NOQUEUE: reject: RCPT from
          > >> [209.85.219.51]:41193: 450 4.3.2 Service currently unavailable;
          > >> from=<MASKED@...>, to=<MASKED@...>, proto=ESMTP,
          > >> helo=<mail-oa0-f51.google.com>
          > >> Aug 26 21:21:36 [postfix/tlsproxy] DISCONNECT [209.85.219.51]:41193
          > > ...
          > >> postscreen_bare_newline_enable = yes
          > >> postscreen_non_smtp_command_enable = yes
          > >> postscreen_pipelining_enable = yes
          > >
          > > As documented, the above settings will cause Postfix to reject mail
          > > with 4XX:
          > >
          > > http://www.postfix.org/POSTSCREEN_README.html#after_220
          >
          > Yes but the issue is that the whitelist doesn't seem to be working.

          Where is the dnsblog logging? dnsblog will complain if the reply
          does not arrive, or if it arrives too late.

          grep 209.85.219.51 the-maillog-file

          Where is the postscreen logging *before* tlsproxy's CONNECT event?

          grep 209.85.219.51.:41193 the maillog file

          Why don't you provide the information that you have been asked for?

          Wietse
        • Grant
          Message 4 of 23 , Aug 30 12:27 PM
            >> I grep'ed the mail logs for dnsblog and got a huge number of these:
            >>
            >> [postfix/postscreen] warning: psc_dnsbl_request: connect to
            >> private/dnsblog service: No such file or directory
            >
            > Looks as if you've found the problem.
            >
            > Make sure your master.cf has an entry like:
            >
            > dnsblog unix - - n - 0 dnsblog

            Thank you. I added it and restarted postfix and started to get errors
            like these:

            [postfix/dnsblog] warning: dnsblog_query: lookup error for DNS query
            MASKED.list.dnswl.org: Host or domain name not found. Name service
            error for name=MASKED.list.dnswl.org type=A: Host not found, try again

            I did some searching and I think this was due to my use of Google's
            DNS resolvers (8.8.8.8 and 8.8.4.4). I added my host's DNS resolver
            first in the list and the errors seem to have stopped. Is that a good
            config?

            I also read a recommendation to set up a caching nameserver like
            unbound on the same machine as postfix. Is that the right thing to
            do?

            Is there a way to verify that everything is working properly?

            - Grant
          • Noel Jones
            Message 5 of 23 , Aug 30 12:52 PM
              On 8/30/2013 2:27 PM, Grant wrote:
              >>> I grep'ed the mail logs for dnsblog and got a huge number of these:
              >>>
              >>> [postfix/postscreen] warning: psc_dnsbl_request: connect to
              >>> private/dnsblog service: No such file or directory
              >>
              >> Looks as if you've found the problem.
              >>
              >> Make sure your master.cf has an entry like:
              >>
              >> dnsblog unix - - n - 0 dnsblog
              >
              > Thank you. I added it and restarted postfix and started to get errors
              > like these:

              Postfix always adds missing master.cf entries automatically as part
              of the upgrade procedure. You can break this by restoring an old
              file after the upgrade.


              >
              > [postfix/dnsblog] warning: dnsblog_query: lookup error for DNS query
              > MASKED.list.dnswl.org: Host or domain name not found. Name service
              > error for name=MASKED.list.dnswl.org type=A: Host not found, try again
              >
              > I did some searching and I think this was due to my use of Google's
              > DNS resolvers (8.8.8.8 and 8.8.4.4). I added my host's DNS resolver
              > first in the list and the errors seem to have stopped. Is that a good
              > config?

              Yes, good. Many public DNS servers are denied access by RBL
              providers due to excessive query load.

              Using your own DNS is the proper solution.

              >
              > I also read a recommendation to set up a caching nameserver like
              > unbound on the same machine as postfix. Is that the right thing to
              > do?

              A local caching nameserver is highly recommended. If you already
              have one that's working OK, there's no pressing need to replace it.


              >
              > Is there a way to verify that everything is working properly?

              Watch the logs for errors or unexpected behavior.




              -- Noel Jones
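One way to "watch the logs" for the failure modes seen in this thread, as an added example that is not part of the original messages: it counts the two dnsblog warnings quoted above and lists clients that postscreen rejected with 450 while dnsblog logged no listing for them. The sample lines are constructed in the thread's log style (192.0.2.25, 203.0.113.9 and the example.* addresses are placeholders), and the "addr ... listed by domain ..." line is the format dnsblog uses when a lookup returns a listing.

```python
import re
from collections import defaultdict

# Client address as postscreen logs it: [ip]:port
CLIENT = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]:\d+")
# dnsblog result line, logged only when the DNSBL/DNSWL lists the address
LISTED = re.compile(r"postfix/dnsblog\] addr (\S+) listed by domain (\S+) as \S+")

# Constructed sample log (one event per line, as in a real maillog).
SAMPLE_LOG = """\
Aug 26 21:21:29 [postfix/postscreen] CONNECT from [209.85.219.51]:41193 to [192.0.2.25]:25
Aug 26 21:21:29 [postfix/postscreen] warning: psc_dnsbl_request: connect to private/dnsblog service: No such file or directory
Aug 26 21:21:36 [postfix/postscreen] NOQUEUE: reject: RCPT from [209.85.219.51]:41193: 450 4.3.2 Service currently unavailable; from=<a@example.com>, to=<b@example.org>, proto=ESMTP, helo=<mail-oa0-f51.google.com>
Aug 30 12:30:01 [postfix/dnsblog] warning: dnsblog_query: lookup error for DNS query MASKED.list.dnswl.org: Host or domain name not found. Name service error for name=MASKED.list.dnswl.org type=A: Host not found, try again
Sep  1 09:00:00 [postfix/postscreen] CONNECT from [203.0.113.9]:50211 to [192.0.2.25]:25
Sep  1 09:00:00 [postfix/dnsblog] addr 203.0.113.9 listed by domain list.dnswl.org as 127.0.5.0
"""


def triage(lines):
    """Summarise dnsblog health and 450 rejects from postscreen log lines."""
    missing_service = lookup_errors = 0
    listed = defaultdict(list)   # ip -> DNSBL/DNSWL domains that listed it
    rejected = set()             # ips that got a 450 at RCPT from postscreen
    for line in lines:
        if "psc_dnsbl_request: connect to private/dnsblog service" in line:
            missing_service += 1          # dnsblog missing from master.cf
        elif "dnsblog_query: lookup error" in line:
            lookup_errors += 1            # resolver could not answer the query
        elif (hit := LISTED.search(line)):
            listed[hit.group(1)].append(hit.group(2))
        elif ("postfix/postscreen" in line and "reject: RCPT" in line
              and " 450 " in line):
            client = CLIENT.search(line)
            if client:
                rejected.add(client.group(1))
    return {
        "no_dnsblog_service": missing_service,
        "lookup_errors": lookup_errors,
        "listed": dict(listed),
        # Either the list really has no entry, or the lookup never happened:
        # check these against the two warning counters above.
        "rejected_without_dnsbl_result": sorted(rejected - set(listed)),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG.splitlines()).items():
        print(key, "=", value)
```

A non-zero `no_dnsblog_service` or `lookup_errors` count next to a rejected client that should be whitelisted points at the lookup path rather than at the whitelist itself.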
            • James Griffin
              Message 6 of 23 , Aug 31 12:18 AM
                !-- On Fri 30.Aug'13 at 20:27:43 BST, Grant (emailgrant@...), wrote:
                > >> I grep'ed the mail logs for dnsblog and got a huge number of these:
                > >>
                > >> [postfix/postscreen] warning: psc_dnsbl_request: connect to
                > >> private/dnsblog service: No such file or directory
                > >
                > > Looks as if you've found the problem.
                > >
                > > Make sure your master.cf has an entry like:
                > >
                > > dnsblog unix - - n - 0 dnsblog
                >
                > Thank you. I added it and restarted postfix and started to get errors
                > like these:
                >
                > [postfix/dnsblog] warning: dnsblog_query: lookup error for DNS query
                > MASKED.list.dnswl.org: Host or domain name not found. Name service
                > error for name=MASKED.list.dnswl.org type=A: Host not found, try again
                >
                > I did some searching and I think this was due to my use of Google's
                > DNS resolvers (8.8.8.8 and 8.8.4.4). I added my host's DNS resolver
                > first in the list and the errors seem to have stopped. Is that a good
                > config?
                >
                > I also read a recommendation to set up a caching nameserver like
                > unbound on the same machine as postfix. Is that the right thing to
                > do?
                >
                > Is there a way to verify that everything is working properly?
                >
                > - Grant


                using a local DNS server has worked brilliantly for me. It's trivial to
                set up and provides excellent benefits.

                --


                James Griffin: jmz at kontrol.kode5.net

                A4B9 E875 A18C 6E11 F46D B788 BEE6 1251 1D31 DC38
              • Grant
                Message 7 of 23 , Sep 1, 2013
                  >>>> I grep'ed the mail logs for dnsblog and got a huge number of these:
                  >>>>
                  >>>> [postfix/postscreen] warning: psc_dnsbl_request: connect to
                  >>>> private/dnsblog service: No such file or directory
                  >>>
                  >>> Looks as if you've found the problem.
                  >>>
                  >>> Make sure your master.cf has an entry like:
                  >>>
                  >>> dnsblog unix - - n - 0 dnsblog
                  >>
                  >> Thank you. I added it and restarted postfix and started to get errors
                  >> like these:
                  >
                  > Postfix always adds missing master.cf entries automatically as part
                  > of the upgrade procedure. You can break this by restoring an old
                  > file after the upgrade.

                  I'm on Gentoo and I use the etc-update script to update config files
                  after upgrading. Should dnsblog be uncommented in a default
                  master.cf? If so I may need to file a Gentoo bug.

                  >> Is there a way to verify that everything is working properly?
                  >
                  > Watch the logs for errors or unexpected behavior.

                  I see that the following message received a 450. The IP is not listed
                  at dnswl.org and when I look it up it appears to come from China. Is
                  this a spoof?

                  NOQUEUE: reject: RCPT from [183.8.195.26]:3302: 450 4.3.2 Service
                  currently unavailable; from=<MASKED@...>,
                  to=<MASKED@...>, proto=ESMTP, helo=<gmail.com>

                  - Grant
                • James Griffin
                  Message 8 of 23 , Sep 1, 2013
                    !-- On Sun 1.Sep'13 at 9:52:50 BST, Grant (emailgrant@...), wrote:
                    > >>>> I grep'ed the mail logs for dnsblog and got a huge number of these:
                    > >>>>
                    > >>>> [postfix/postscreen] warning: psc_dnsbl_request: connect to
                    > >>>> private/dnsblog service: No such file or directory
                    > >>>
                    > >>> Looks as if you've found the problem.
                    > >>>
                    > >>> Make sure your master.cf has an entry like:
                    > >>>
                    > >>> dnsblog unix - - n - 0 dnsblog
                    > >>
                    > >> Thank you. I added it and restarted postfix and started to get errors
                    > >> like these:
                    > >
                    > > Postfix always adds missing master.cf entries automatically as part
                    > > of the upgrade procedure. You can break this by restoring an old
                    > > file after the upgrade.
                    >
                    > I'm on Gentoo and I use the etc-update script to update config files
                    > after upgrading. Should dnsblog be uncommented in a default
                    > master.cf? If so I may need to file a Gentoo bug.
                    >
                    > >> Is there a way to verify that everything is working properly?
                    > >
                    > > Watch the logs for errors or unexpected behavior.
                    >
                    > I see that the following message received a 450. The IP is not listed
                    > at dnswl.org and when I look it up it appears to come from China. Is
                    > this a spoof?
                    >
                    > NOQUEUE: reject: RCPT from [183.8.195.26]:3302: 450 4.3.2 Service
                    > currently unavailable; from=<MASKED@...>,
                    > to=<MASKED@...>, proto=ESMTP, helo=<gmail.com>

                    The ip 183.8.195.26 is certainly a spammer. Just looked it up using whois
                    and host(1).

                    --


                    James Griffin: jmz at kontrol.kode5.net

                    A4B9 E875 A18C 6E11 F46D B788 BEE6 1251 1D31 DC38
                  • Grant
                    Message 9 of 23 , Sep 1, 2013
                      >> >>>> I grep'ed the mail logs for dnsblog and got a huge number of these:
                      >> >>>>
                      >> >>>> [postfix/postscreen] warning: psc_dnsbl_request: connect to
                      >> >>>> private/dnsblog service: No such file or directory
                      >> >>>
                      >> >>> Looks as if you've found the problem.
                      >> >>>
                      >> >>> Make sure your master.cf has an entry like:
                      >> >>>
                      >> >>> dnsblog unix - - n - 0 dnsblog
                      >> >>
                      >> >> Thank you. I added it and restarted postfix and started to get errors
                      >> >> like these:
                      >> >
                      >> > Postfix always adds missing master.cf entries automatically as part
                      >> > of the upgrade procedure. You can break this by restoring an old
                      >> > file after the upgrade.
                      >>
                      >> I'm on Gentoo and I use the etc-update script to update config files
                      >> after upgrading. Should dnsblog be uncommented in a default
                      >> master.cf? If so I may need to file a Gentoo bug.
                      >>
                      >> >> Is there a way to verify that everything is working properly?
                      >> >
                      >> > Watch the logs for errors or unexpected behavior.
                      >>
                      >> I see that the following message received a 450. The IP is not listed
                      >> at dnswl.org and when I look it up it appears to come from China. Is
                      >> this a spoof?
                      >>
                      >> NOQUEUE: reject: RCPT from [183.8.195.26]:3302: 450 4.3.2 Service
                      >> currently unavailable; from=<MASKED@...>,
                      >> to=<MASKED@...>, proto=ESMTP, helo=<gmail.com>
                      >
                      > The ip 183.8.195.26 is certainly a spammer. Just looked it up using whois
                      > and host(1).

                      Thanks James. This is all very cool. A blacklist (zen.spamhaus.org),
                      a whitelist (list.dnswl.org), and a "greylist". 2.11 looks to be a
                      fantastic release for easily-configured anti-spam measures. I'm just
                      not getting spam anymore and I don't think I'm rejecting legitimate
                      mail either.

                      Thanks to all,
                      Grant
                    • Wietse Venema
                      Message 10 of 23 , Sep 1, 2013
                        Grant:
                        > I'm on Gentoo and I use the etc-update script to update config files
                        > after upgrading. Should dnsblog be uncommented in a default
                        > master.cf? If so I may need to file a Gentoo bug.

                        As distributed by me, the 'inet' smtpd service is active, and all
                        postscreen-related services are commented out.

                        smtp inet n - n - - smtpd
                        #smtp inet n - n - 1 postscreen
                        #smtpd pass - - n - - smtpd
                        #dnsblog unix - - n - 0 dnsblog
                        #tlsproxy unix - - n - 0 tlsproxy

                        As documented, when you turn on postscreen you turn off the 'inet'
                        smtpd service and turn on all the postscreen-related services:

                        #smtp inet n - n - - smtpd
                        smtp inet n - n - 1 postscreen
                        smtpd pass - - n - - smtpd
                        dnsblog unix - - n - 0 dnsblog
                        tlsproxy unix - - n - 0 tlsproxy

                        Details in http://www.postfix.org/POSTSCREEN_README.html#config

                        Wietse
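The rule in the message above (postscreen on the smtp inet listener requires the smtpd pass, dnsblog and tlsproxy services to be uncommented too) can be checked mechanically after a config merge. This is an added example, not part of the original message or of Postfix; the function names are hypothetical and the sample text is constructed from the lines quoted above with dnsblog left commented out.

```python
# Services that must be active once postscreen owns the smtp inet listener,
# taken from the master.cf excerpt in the message above: (name, type, command).
REQUIRED = [("smtpd", "pass", "smtpd"),
            ("dnsblog", "unix", "dnsblog"),
            ("tlsproxy", "unix", "tlsproxy")]


def active_services(master_cf_text):
    """Return {(name, type, command)} for uncommented service lines."""
    found = set()
    for line in master_cf_text.splitlines():
        # Blank lines, comments and indented "-o" continuations define no service.
        if not line.strip() or line.lstrip().startswith("#") or line[0].isspace():
            continue
        fields = line.split()
        # Columns: service type private unpriv chroot wakeup maxproc command
        if len(fields) >= 8:
            found.add((fields[0], fields[1], fields[7]))
    return found


def check_postscreen(master_cf_text):
    """Return a list of problems; an empty list means the file is consistent."""
    active = active_services(master_cf_text)
    if ("smtp", "inet", "postscreen") not in active:
        return []  # postscreen is off, so its helper services are optional
    problems = []
    if ("smtp", "inet", "smtpd") in active:
        problems.append("smtp inet is bound to both smtpd and postscreen")
    for name, kind, _command in REQUIRED:
        if (name, kind, _command) not in active:
            problems.append("postscreen is on but '%s %s' is not enabled"
                            % (name, kind))
    return problems


# Constructed sample: postscreen enabled while dnsblog is still commented out,
# a state consistent with the warning
# "connect to private/dnsblog service: No such file or directory".
BROKEN = """\
#smtp inet n - n - - smtpd
smtp inet n - n - 1 postscreen
smtpd pass - - n - - smtpd
#dnsblog unix - - n - 0 dnsblog
tlsproxy unix - - n - 0 tlsproxy
"""

if __name__ == "__main__":
    for problem in check_postscreen(BROKEN):
        print(problem)
```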
                      • Grant
                        Message 11 of 23 , Sep 1, 2013
                          > Grant:
                          >> I'm on Gentoo and I use the etc-update script to update config files
                          >> after upgrading. Should dnsblog be uncommented in a default
                          >> master.cf? If so I may need to file a Gentoo bug.
                          >
                          > As distributed by me, the 'inet' smtpd service is active, and all
                          > postscreen-related services are commented out.
                          >
                          > smtp inet n - n - - smtpd
                          > #smtp inet n - n - 1 postscreen
                          > #smtpd pass - - n - - smtpd
                          > #dnsblog unix - - n - 0 dnsblog
                          > #tlsproxy unix - - n - 0 tlsproxy
                          >
                          > As documented, when you turn on postscreen you turn off the 'inet'
                          > smtpd service and turn on all the postscreen-related services:
                          >
                          > #smtp inet n - n - - smtpd
                          > smtp inet n - n - 1 postscreen
                          > smtpd pass - - n - - smtpd
                          > dnsblog unix - - n - 0 dnsblog
                          > tlsproxy unix - - n - 0 tlsproxy
                          >
                          > Details in http://www.postfix.org/POSTSCREEN_README.html#config

                          Understood. In that case I don't think Gentoo's config updater is
                          meant to handle this sort of thing (conditionals) and no bug report
                          there is necessary.

                          - Grant